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Abstract 

We are concerned with the Hidden Subgroup Problem for finite 
groups. We present a simplified analysis of a quantum algorithm pro- 
posed by Hallgren, Russell and Ta-Shma as well as a detailed proof of 
a lower bound on the probability of success of the algorithm. 



1 Introduction 



We are concerned with the following version of the Hidden Subgroup Prob- 
lem. 

Problem. Given a finite group G, a finite set X and a map f : G — > X 
which is constant on the left cosets of some unknown subgroup H of G and 
distinct on distinct cosets, determine the subgroup H . 

Shor's quantum algorithms for prime factorization and discrete logarithms 
jO], Simon's quantum algorithm for the "XOR-mask" problem [2] as well 
as the open Graph Isomorphism Problem |3j all reduce to instances of the 
Hidden Subgroup Problem (although in the case of prime factorization the 
group G is not finite). In this note we study a quantum algorithm proposed to 

*The author has received financial support from Emil Herborgs Legat. 
2000 Mathematics Subject Classification. Primary 81P68; Secondary 68Q17. 
Key words and phrases. Hidden Subgroup Problem, quantum computation, quantum 
Fourier transform, quantum algorithms, computational complexity. 



1 



solve the Hidden Subgroup Problem in which the quantum Fourier transform 
has a significant role pQ. 



We shall require quantum registers capable of representing the elements of 
G and X. Thus, let Tic and Tix denote quantum registers with ortho normal 
bases {\g) \ g G G} and | x G X} indexed by the elements of G and 
X, respectively. We suppose that the map / is given as a unitary operator 
U f :H G ®H X — > 7~(-g ® Tlx such that 

\g) ® \x Q ) •— > \g) ® \f{g)) 

for some fixed Xq G X. Next we briefly describe the quantum Fourier 
transform. A representation of G is a homomorphism p : G — ► (C), 
where Ud p (C) denotes the group of unitary d p x d p matrices with com- 
plex entries. The set of all inequivalent irreducible representations is de- 
noted G. Let TCq denote a quantum register with an orthonormal basis 
{\p, i,j) | p G G and 1 < i, j < d p } indexed by the elements of G and their 
entries. The quantum Fourier transform F : Tic — is the unitary 
operator defined by 



\g) 1 — ► JrQiP(9)ij\p,hj)- 
ped ' 

l<i,j<d p 

The quantum experiment and algorithm we study are the following. 
Experiment. 



1. Initialize a quantum system in the state \ptHvi 1, 1) ® \ x o) , where p tr w 
denotes the trivial representation of G. 

2. Apply the inverse quantum Fourier transform to the first register re- 
sulting in the uniform superposition 



\=Y,\g)®\^)- 



3. Apply Uf resulting in the entangled state 

\l \ G\ 



c&C heH 
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where C denotes a complete set of coset representatives of the subgroup 



4- Apply the quantum Fourier transform to the first register resulting in 
the final state 



5. Measure the first register and observe a basis vector \p,i,j). 

6. Return the irreducible representation p. 

Algorithm. 

1. Observe n irreducible representations p±, . . . , p n by making independent 
trials of the experiment. 

2. Classically compute the intersection N = f]" =1 ker p^ of the kernels of 
the irreducible representations. 

3. Return the normal subgroup N. 

In general it is not known how to implement the quantum Fourier transform 
efficiently or how to calculate the intersection of the kernels of the irreducible 
representations that are measured. Thus we are interested in the query com- 
plexity of the algorithm which is the number of times it needs to evaluate the 
map /. Note that each trial of the experiment requires only one evaluation 



Obviously, the algorithm may return H only if if is a normal subgroup of 
G. In |T] it is shown that for n = 41og 2 \G\ the algorithm returns the largest 
subgroup of H that is normal in G with high probability. Unfortunately, the 
proof presented there is somewhat unclear. 

In this note we simplify the analysis of the probability distribution induced 
by the experiment. In particular, we completely avoid the entire discussion 
of both restricted and induced representations found in pQ. Furthermore, in 



H ofG. 



G 



1 




of/. 
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the next section we give a lower bound on the probability of success of the 
algorithm as a function of n. More precisely, we prove the following theorem 
which has a curious corollary. 



Theorem 1.1. For n > 2 fi(|G|) the algorithm returns the largest subgroup 
of H that is normal in G with probability at least 

X - l/e ^ { 9^ J' 

where Q(\G\) denotes the total number of prime factors of the order of G. 

For example, if we take n = 41og 2 \G\ the algorithm succeeds with probability 
at least 1 — 1/ exp (| log 2 which essentially is the statement of theorem 
4.3 in [I]. 

It follows from pp. 354-358] that Q(n) has normal order log log n. In 
particular, we have 

< (l + £)loglogn (1.1) 

for all e > and almost all positive integers n. Almost all means that 
the fraction of positive integers less than x for which inequality (jl.lj) hold 
tends to 1 as x tends to infinity. Using this bound we obtain the following 
corollary which in a sense says that in many cases the query complexity is 
exponentially better than in the worst case where f2(|G|) = log 2 \G\. 

Corollary 1.2. For all e > and n > 2(1 + e)loglog|G| the algorithm 
returns the largest subgroup of H that is normal in G with probability at least 

[ 8^-(l + e)\oglog\G\) 2 \ 
1 " 1/GXP [ ¥n J ' 

for almost all orders ofG. 

For example, if we take e = 3.5 and n — 18 log log \G\ the algorithm succeeds 
with probability at least 1 — 1/ log \ G\ for almost all orders of G. We remark 
that with e = 3.5 direct calculations show that 99.92% of all positive integers 
n up to 10 9 satisfy inequality (jl.lj) . 



4 



2 Analysis of the Algorithm 



The experiment induces a probability distribution on the set G. Let X 
denote a random variable with this distribution. It is natural to ask, what 
the probability that X equals a given irreducible representation is. An answer 
to this question is provided by the following lemma. Recall that the character 
X P '■ G — ► C of a representation p is defined by Xp(q) — ^ r (p(fiO)- 

Lemma 2.1. If p is an irreducible representation of G then 

' ' heH 



Proof. By the definition of X, we have 

p <* = >> = raE E 



IGI 



cGC l<i,j<d p 



r dp S ^ l p{cK) i j 



heH 



E 

cec 



G if 



heH 



fee// 



as p is a homomorphism and the Hilbert-Schmidt norm is unitarily invariant. 
Hence, 



P(X = p) 



G \\H 



d n 



\G\\H\ 



\ \heH J \h'eH 



heH h'eH 



dn 



G\\H 

d, 



heH h'eH 



"p 
\G 



heH 



as is unitary for all g <E G. 



□ 



5 



The second part of the algorithm suggests that instead of considering X we 
should look at the transformed random variable Y = kerX. As before, it is 
natural to ask, what the probability that Y equals a given normal subgroup 
is. A partial answer to this question is provided by the following lemma. We 
will need the fact that for any finite group G and any element g G G, we 
have 

J2 d pXp(9) = Se(g)\G\, (2.1) 

where e denotes the neutral element of G and 5 e is the Kronecker delta. 
Lemma 2.2. If N is a normal subgroup of G then 

P(Y DN) = [N -.NHH]- 1 . 



Proof. By the definition of Y and lemma l2~T] we have 

p ( Y ^ N ) = j^J2 E <wo- 

TVCker p 

If p : G — > Ud (C) is an irreducible representation of G which is trivial 
on N then the map p : G/N — > Ud (C) defined by p(gN) = p(g) is a 
well-defined irreducible representation of the quotient group G/N. In this 
way, the irreducible representations which are trivial on N correspond to the 
irreducible representations of G/N. It is clear that d p = dp and xpi.9) — 
Xp(gN) and therefore 

P(Y ~D N) = p E E d ~ P X~ P {hN) 
h£H peG/N 

= T^EM^M^iv], 

where the last equality follows from equation (j2.1|) when applied to the group 
G/N. But hN = N if and only if h E N n H and so 

P(Y D N) = — [G : N] = [N : NH H]' 1 . 

' ' heNnH 

This completes the proof. □ 
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We note two simple consequences of lemma 12 .21 If N C H then [N : NOH] = 
1 and so P{Y D N) = 1. On the other hand, if N £ H then [N : NnH] > 2 
and so P(F D AT) < |. Thus, if we denote by if G the largest subgroup of if 
that is normal in G we may conclude that 

Y DH G (2.2) 

and 

< P(Y D A 7 ") • J {jV ^ } < | (2.3) 

for any normal subgroup A" of G. With these two results, which are lemma 
4.1 and 4.2 in pQ, we are in position to prove theorem ll.il 

Proof. Let X\, . . . ,X n denote independent random variables with the same 
distribution as X and let Y$ = kerXj. The algorithm returns the largest sub- 
group of H that is normal in G with probability 1 — P (Y n • • • D Y n ^ if G ) . 

We will now construct what is sometimes known as a Doob type martingale to 
which we apply Azuma's inequality (jA.ljl in the appendix. Define indicator 

variables by U = /{yon-n^.icyj • I{Y n~nYi-i£B}> wnere Y o is the random 
variable defined by P{Y$ — G) — 1. Note that these indicators need not be 
independent. Still, the partial sums Z{ = Y^j=iih ~ \ Y , . . . , ij-i)) of 
the random variables Jj — E(Ii \ Y Q , . . . , Yi_{) constitute a martingale. The 
fact that the sequence Zi, . . . ,Z n is indeed a martingale with mean Z = 
follows from lemma lA~T1 in the appendix. 

Suppose Y± D • • • fl Y n 7^ H G and consider the descending chain of normal 
subgroups 

Y 2 Y n Y t d Y n Y x n Y 2 d ■ ■ ■ d Y n • • • n Y n . 

Now suppose, indirectly, that Yq fl • • • fl C H for some i. This clearly 
implies that Y 1 n ■■■ HY n C H and so Yi n • • • n Y n C iJ G , as ff is the 
largest subgroup of if that is normal in G. However, by equation ()2.2|) we 
also have the reverse inclusion which is a contradiction. Thus, we must have 
Y H- ■ -nYj-i £ # and therefore Jj = /{yon-ny^icy} = i"{y n-ny j _ 1 =y n-ny < }- 
That is, the sum X^=i(l — ^) counts the number of strict inclusions in the 
above chain. This number is necessarily less than or equal to f2(|G|) and 
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therefore Y17=i ^ — n ~ ^(1^1) ■ Thus, we see that 

P (Y 1 n • ■ ■ n Y n ,± H G ) <P\J2ii>n-n{\G\) 

\i=l , 

= P\Z n >n- Q(\G\) - E Vi \Yo,---, K-i) 
<p(z n >^-Q(\G\i 



i=l 



where the last inequality follows from lemma IA.2I in the appendix. 

We are now almost in position to apply Azuma's inequality (jA.ljl . As - — 
> we only need to verify that the martingale Z%, . . . , Z n has bounded 
differences Z\ — Zi-i = I t — E(Ii \Yq, . . . , K;_i). This follows from 

-5 < h ~ \ < h ~ E(Ii \Y ,..., Y^) <h<l, 
where we have used lemma IA.2[ and so 

P {Y x n • ■ ■ n Y n ^ H G ) < exp ' 1 - ! 1 



This completes the proof. □ 

It should be mentioned that there is a simpler argument, which also utilizes 
()2.2j) and ()2.Hj) . for the fact that for n m logg \G\ the algorithm returns the 
largest subgroup of H that is normal in G with high probability* Unfortu- 
nately, it is not clear how to obtain corollary II . 21 from this simpler argument. 



A Probability Theory 

The conditional expectation E(X \ Y) of a real discrete random variable X 
given any discrete random variable Y is defined whenever P(Y = y) > as 
the random variable which takes the value 

E(X | Y = y) = xP ( X = x\Y = y) 

X 

* Private communication with Alexander Russell. 
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with probability P(Y = y), where the sum is over all the outcomes of X. We 
define the conditional expectation E(X \ Y lt . . . , Y m ) of X given any discrete 
random variables Y\ , . . . , Y m similarly 

A sequence Z\ , . . . , Z n of real discrete random variables is said to be a mar- 
tingale if 

E(Z i+ i | Zi, . . . , Zj) = Zi 

for all i. Taking expectations and applying equation (jA.2|) below we see that 
E(Zi) = E(Zi) for all i. Thus, it makes sense to speak about the mean of a 
martingale. 

Suppose Zi,...,Z n is a martingale with mean Z = E{Z\) and bounded 
differences. That is, for some non-negative constants a and j3 we have —a < 
Zi — Zi-i < (3 for all i. Azuma's inequality then says that for all i and a > 

P(Z ( -Z >a)<expb^). <A1) 
The reader is referred to [SJ p. 307-308] from which this version of Azuma's 
inequality has been adapted. 

In the following two lemmas we use the notation from the proof of theorem 
11.11 We will need that for any discrete random variables Y\ , . . . , Y m and 
Zi, . . . , Z n the following properties hold. 

E(E(X\Y u ...,Y m ))=E(X) } (A.2) 
E(E(X\Y 1 ,...,Y m ,Z u ...,Z n )\Z 1 ,...,Z n )=E(X\Z 1 ,...,Z n ), (A.3) 

E(X\Y 1 ,... 1 Y m )=X (A.4) 
if X is a function of Y±, . . . , Y m , 
E(X\Y 1 ,...,Y m ,Z 1 ,...,Z n )=E(X\Y 1 ,...,Y m ) (A.5) 

if Zi is a function of Yi, . . . , Y m . 

The proofs of these properties may be found in any standard reference on 
stochastic calculus. See for example |lj and 0. 

Lemma A.l. The sequence Zi, . . . , Z n is a martingale with mean Z = 0. 

Proof. Note that Z i+ i = Zi + I i+ i — E(I i+ i \ Y , . . . ,Yi) and so by linearity 
of the conditional expectation 

E{Z i+ i \ Zi, . . . , Zi) 
= E(Zi\Zi, . . . , Zi)+E(I i+ i\Zi, . . . , Zi)—E(E(Ii +1 \Y , . . . ,Yj)\Zi, . . . , Zi). 
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Now, E(Zi | Z\, . . . , = Zi by equation (jA.4j) and 

E(E(I i+1 \Y ,...,Y i )\Z 1 ,...,Z i ) 

= E(E(I i+l \Y ,...,Y h Z\i . . . , Zi) \ Zi, . . . , Zi) 

= E(I i+ i | Z\, . . . , Zi) 

by equations (|A.5J) and ()A.3j) . Thus, we see that E(Z i+ i \ Z%, . . . , Zi) = Zi 
which proves that Z\, . . . , Z n is a martingale. It has mean 

Z = E{Z X ) = E{h) - E{E{h | Y )) = E{h) - E{h) = 

by equation ()A.2j) . □ 

Lemma A. 2. We have < E(U \ Y , . . . , < \. 

Proof. By the definition of conditional expectation 

E(h \Y = N ,..., = Ni-t) = P(I l = l\Y = N ,..., Y^ = N^) 

for all normal subgroups No, . . . , N_i of G for which P(Y = N , . . . , Yj_i = 
A7j_x) > 0. Therefore, 

E(I i \Y = N ,...,Yi_ 1 = N i -. 1 ) 

P(Y n ■ ■ ■ n yu c y u y n ■ ■ ■ n Y^ £h,y = n , ...,Y t _ 1 = n_ x ) 

P(Y = N ,...,Y_ 1 = N^ l ) 

PjN C Y, Y = N ,..., Y^ = N^) ■ I {Nm 
P(Y = N ,...,Y i _ 1 = N l . 1 ) 

where N = NqC\ ■ ■ ■ C\ N^i for short. As the random variables Yq, . . . , Yi are 
independent 

E{I l \Y = N ,...,Y l _ l = N l _ 1 ) 

_ P(N C Yj)P(Y = N ,..., Y t _, = A^i) ■ I [Nm 
P(Y = N ,...,Y l „ 1 = N^ 1 ) 

and the result follows by equation ()2.3|) . □ 
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